Phishing Attacks: Time to See Who Has Been Hooked

During my tenure as an IT executive in the banking sector, I experienced firsthand the frustration organizations face when they have been targeted by a phishing attack but are unable to learn much more than that. Remediation is a struggle without understanding the extent of the damage – did the attack leave behind a path of destruction, or did it barely make any impact on customers at all? Further, protecting against similar future attacks becomes challenging when the only information banks have to go on is warning lights from a black-box solution.

In my experience, when an inevitable phishing attack targeting a bank’s customers occurs, the bank generally has enough security in place to take down the attack relatively quickly. However, attacks are the most dangerous right after they go live. The question always remains: who got victimized in those precious minutes or hours before the situation was handled? Until recently, there was no way of telling and, without that information, it was difficult to achieve full mitigation.

My experience is all too similar to what many banks are facing today. Most organizations employ some sort of anti-phishing solution in addition to other layers of anti-fraud protection that can inform them about potential incidents further down the fraud lifecycle. Authentication prompts, anomalous activity alerts, and malware detections are just a few of the security solutions that can warn about potential fraud. Whenever there is a phishing incident, lots of lights will blink and notifications will be sent. However, if security teams lack the intelligence to know which phishing sites tricked the most users, or which users entered their credentials into them, they run the risk of wasting precious overhead, resources, and personnel on incidents that turn out to be insignificant. The context for other alerts matters, and data that confirms which individual users fell for phishing attacks can provide the frame of reference needed to prioritize triage for the most at-risk customers.

Adding insult to injury, many cybersecurity solutions only truly detect fraud once money has already been removed from a customer account. Threat remediation solutions often cannot react or even send an alert until after money is stolen. It is expensive and time-consuming to track the stolen funds as they pass through mule accounts that the fraudster creates to make the funds harder to trace, meaning there is no guarantee that the funds will ever be recovered.

Security would be greatly increased if organizations had some idea of who has been victimized by a confirmed attack before funds are hijacked from accounts. Remediation before the money is pilfered is cheaper, less time-consuming, and helps to maintain an organization’s sterling and trustworthy reputation among its customers.

Financial institutions need to employ anti-fraud solutions that can shine a light on the security blind spot of which specific users entered credentials into phishing websites, or else the costs of false positives, alert fatigue, and customer restitution will continue to snowball. Visibility into which customers have been compromised, and who among them is likely facing an imminent account break-in, can be the difference between having to track down elusive digital criminals and preventing the cashing-out phase of the attack from taking place at all.

For this reason, organizations should be on the lookout for security solutions that can provide these forms of intelligence:

Information about which phishing sites are getting clicked on by most users, so they can be prioritized for takedown.

Data about which victimized customers have entered their sensitive personal information into phishing sites.

Machine learning that can find sites similar to an organization’s brand keywords as soon as they are created in the Domain Name System.

Mike Lopez leads the service delivery process in the US, Canada, and EMEA. Prior to joining Cyxtera, Mike spent approximately 15 years of his life in the banking industry, holding a variety of leadership roles. Mike has a degree in Information Technology and lives in Miami with his wife and children.